Berost Randsomeware Attackers hit South Africa

Johannesburg – Over the past 48 hours, .berost virus has been the topic in the digital space. South Africa became the latest target 24 hours ago with a number of big corporations data getting infected. In the history of ransomware, .berost is the worst and those who have been victims of the virus can testify to that statement.

Digital data is one of the most valuable resources nowadays and, naturally, it is also one of the most common targets for computer hackers.

One of the most infamous examples of a mass threat that targets the files inside the users’ computers are the representatives of the Ransomware cryptovirus category, with one of their latest representatives being the malicious .Berost.

Unlike other malicious types of software, a typical cryptovirus wouldn’t really try to damage the computer’s system itself, nor would it seek to spy on the user or acquire some sensitive personal information and then threaten to make it public. Instead, what a Ransomware cryptovirus does is it locks up all user files found on the computer using a complex data encryption process for the purpose.

Once your files have been locked you will see a _readme text document with the information of the attacker as well as a ransom demand to get your files back.

In addition to this, the .berost ransomware could also infect your computer by having the infection files uploaded on suspicious sites. The infection files could pretend to be cracks, patches and other forms of activators.

If you receive a file, try downloading a document, visit a site and you get numerous automatic open tabs with a slow machine. Unplug the internet immediately and go through the steps that would help you recover your files. There are currently a 0.1% chance in the market at the current moment that files infected by .berost can be decrypted but we ran a test and can confidently confirm 100% files recovery.

Cleaning

1: Preparations

Note: Before you go any further, we advise you to bookmark this page or have it open on a separate device such as your smartphone or another PC. Some of the steps might require you to exit your browser on this PC.

2: Task Manager

Press Ctrl + Shift + Esc to enter the Task Manager. Go to the Tab labeled Processes (Details for Win 8/10). Carefully look through the list of processes that are currently active on you PC.

If any of them seems shady, consumes too much RAM/CPU or has some strange description or no description at all, right-click on it, select Open File Location and delete everything there.

Also, even if you do not delete the files, be sure to stop the process by right-clicking on it and selecting End Process.

3: IP related to .Berost

Go to c:\windows\system32\drivers\etc\hosts. Open the hosts file with notepad.

Find where it says Localhost and take a look below that.

If you see any IP addresses there (below Localhost) send them to us here, in the comments since they might be coming from the .Berost.

4: Disable Startup programs

Re-open the Start Menu and type msconfig.

Click on the first search result. In the next window, go to the Startup tab. If you are on Win 10, it will send you to the Startup part of the task manager instead, as in the picture:

If you see any sketchy/shady looking entries in the list with an unknown manufacturer or a manufacturer name that looks suspicious as there could be a link between them and .Berost , disable those programs and select OK.

5: Registry Editor

Press Windows key + R and in the resulting window type regedit.

Now, press Ctrl + F and type the name of the virus.

Delete everything that gets found. If you are not sure about whether to delete something, do not hesitate to ask us in the comments. Keep in mind that if you delete the wrong thing, you might cause all sorts of issues to your PC.

6: Deleting potentially malicious data – .Berost

Type each of the following locations in the Windows search box and hit enter to open the locations:

%AppData%

%LocalAppData%

%ProgramData%

%WinDir%

%Temp%

Delete everything you see in Temp linked to .Berost Ransomware. About the other folders, sort their contents by date and delete only the most recent entries. As always, if you are not sure about something, write to us in the comment section.

7: .Berost Decryption

The previous steps were all aimed at removing the .Berost Ransomware from your PC. However, in order to regain access to your files, you will also need to decrypt them or restore them. Download Michael Gillespie decrypter here.

.Berost SUMMARY:

Name
Berost

Type Ransomware

Danger Level
High (.Berost Ransomware encrypts all types of files)

Symptoms
.Berost Ransomware is hard to detect and aside from increased use of RAM and CPU, there would barely be any other visible red flags.

Distribution Method
Most of the time, Trojans get distributed through spam e-mails and social network messages, malicious ads, shady and pirated downloads, questionable torrents and other similar methods.